FCC proposes privacy rules for Internet providers

The decision comes as part of a dispute between the FCC and two states, Tennessee and North Carolina, about expanding superfast internet service in their respective cities of Chattanooga and Wilson to surrounding areas. Both states had passed laws preventing such expansion. The FCC last year voted 3-2 to override those laws.

Photo: Associated Press /File photo

WASHINGTON — Federal regulators have proposed a set of privacy rules for Internet service providers that would significantly curb the ability of companies such as AT&T, Comcast and Verizon to share data about their customers’ online activities with advertisers without permission from users.

In the proposal, before the Federal Communications Commission, the agency’s chairman, Tom Wheeler, called for broadband service providers to disclose clearly how data may be collected about users’ online browsing and other activities. The plan also called for the companies to bolster the security of customer data.

The rules, if approved, would establish first-time privacy rules for companies that manage Web traffic and would create some of the strongest privacy regulations for any segment of the technology and telecommunications industries. It is the first major regulatory action of broadband providers after the FCC’s declaration last year that high-speed Internet carriers should be treated like utilities.

In a statement, Wheeler said that since Internet service providers handle all network traffic, the companies have a “broad view of all of your unencrypted online activity.” He added that “even when data is encrypted, your broadband provider can piece together significant amounts of information about you — including private information such as a chronic medical condition or financial problems — based on your online activity.”

The regulations would put broadband providers under stronger privacy oversight than Internet companies such as Google and Facebook. Those companies are monitored by the Federal Trade Commission, whose ability to create specific privacy rules is limited.

Many privacy advocates have pushed for a greater role by other agencies because the FTC cannot create rules for online privacy and can only monitor data collection practices as an enforcement agency.

“This is nothing short of a historic moment,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “Unlike the Federal Trade Commission, the FCC has the legal authority to enact safeguards that will allow an individual to have real control over how their information can be gathered and used.”

Some privacy experts said Internet service providers were capable of stitching together a more complete picture of a consumer by tracking the sites a customer visits using its network. Because more devices in the home are now connected to Wi-Fi, the broadband providers also have more ways to collect data on their customers for online advertising, said Harold Feld, a senior vice president of the nonprofit media advocacy group Public Knowledge.

In an enforcement action against Verizon this week, the FCC found that the wireless company was using “supercookies” to continue tracking the activity of users through mobile browsers even when the customers tried to delete cookies — small files created by sites that are stored on devices and used to track activity — from browsers.

Under the proposal, broadband service providers still could collect and share data with other communications-related affiliates without permission. That would allow Verizon’s broadband business, called FiOS, for example, to give personal information about a user to its wireless service to market mobile data plans.

But the Internet service providers would not be able to share data with noncommunications partners without permission. This would prohibit a broadband service such as Google Fiber from blending consumer information with search, maps and email habits of a consumer, the FCC said. Verizon also would not be able to share customer data with AOL, a media site it owns, without permission.

The FCC’s proposal already has drawn protest by telecom and cable companies, which have pointed to the FTC as a strong privacy enforcer. But the FCC has argued that after it reclassified broadband as a utility, it was compelled by law to create privacy rules.

In a recent blog post, AT&T said Internet service providers were collecting less data as more sites become encrypted. Also, consumers are choosing virtual private networks that prevent broadband providers from seeing the sites they visit, the company said. Websites like Google are leading behavioral advertising companies that should be held to the same standards as broadband access providers, AT&T said.